VYPR

DeployHub Plugin

by Jenkins Project

CVEs (29)

  • CVE-2020-2171HigMar 25, 2020
    risk 0.57cvss 8.8epss 0.01

    Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2019-16570HigDec 17, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.

  • CVE-2019-16560HigDec 17, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

  • CVE-2019-10464HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file…

  • CVE-2019-1003072HigApr 4, 2019
    risk 0.57cvss 8.8epss 0.01

    Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-1003056HigApr 4, 2019
    risk 0.57cvss 8.8epss 0.01

    Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10286HigApr 4, 2019
    risk 0.50cvss 8.8epss 0.02

    Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2020-2108HigJan 29, 2020
    risk 0.49cvss 7.6epss 0.01

    Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

  • CVE-2019-16561HigDec 17, 2019
    risk 0.46cvss 7.1epss 0.01

    Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.

  • CVE-2022-36909MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.01

    A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins…

  • CVE-2022-36908MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller…

  • CVE-2022-36907MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.01

    A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

  • CVE-2022-36906MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

  • CVE-2019-1003081MedApr 4, 2019
    risk 0.42cvss 6.5epss 0.02

    A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

  • CVE-2019-1003080MedApr 4, 2019
    risk 0.42cvss 6.5epss 0.01

    A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.

  • CVE-2020-2174MedApr 7, 2020
    risk 0.40cvss 6.1epss 0.01

    Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.

  • CVE-2021-21664MedJun 10, 2021
    risk 0.35cvss 6.5epss 0.01

    An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password…

  • CVE-2020-2170MedMar 25, 2020
    risk 0.35cvss 5.4epss 0.01

    Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.

  • CVE-2019-16559MedDec 17, 2019
    risk 0.35cvss 5.4epss 0.01

    A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

  • CVE-2019-10305MedApr 18, 2019
    risk 0.35cvss 6.5epss 0.01

    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

Page 1 of 2